[PATCH] D44934: [analyzer] Improve the modeling of `memset()`.

Artem Dergachev via Phabricator via cfe-commits cfe-commits at lists.llvm.org
Mon May 14 15:30:02 PDT 2018


NoQ added a comment.

Thank you! Looks good overall.



================
Comment at: lib/StaticAnalyzer/Checkers/CStringChecker.cpp:1013-1014
+
+  // Get the offset and the base region to figure out whether the offset of
+  // buffer is 0.
+  RegionOffset Offset = MR->getAsOffset();
----------------
Please say something here (or above) about why do we want our offset to be 0:
> We're about to model memset by producing a "default binding" in the Store. Our current implementation - RegionStore - doesn't support default bindings that don't cover the whole base region.


================
Comment at: lib/StaticAnalyzer/Checkers/CStringChecker.cpp:1037
+
+    if (StateWholeReg && !StateNotWholeReg && CharVal.isZeroConstant()) {
+      // If the 'memset()' acts on the whole region of destination buffer and
----------------
I think we should use `StateNonNullChar` (that's computed below) instead of `CharVal.isZeroConstant()` because the Environment doesn't provide a guarantee that all symbols within it are collapsed to constants where applicable.


================
Comment at: lib/StaticAnalyzer/Checkers/CStringChecker.cpp:1055
+    std::tie(StateNullChar, StateNonNullChar) =
+        assumeZero(C, State, CharVal, Ctx.UnsignedCharTy);
+
----------------
I think this should use `IntTy` here. Because that's the type of the `memset`'s argument, and that's what `assumeZero()` expects.


================
Comment at: test/Analysis/string.c:1412
+  clang_analyzer_eval(strlen(str) >= 10); // expected-warning{{TRUE}}
+  // FIXME: This shoule be TRUE.
+  clang_analyzer_eval(str[1] == '0');     // expected-warning{{UNKNOWN}}
----------------
Typo: `should` :)


Repository:
  rC Clang

https://reviews.llvm.org/D44934





More information about the cfe-commits mailing list